ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

gnview-script-extraction

v1.0.0

本工具实现本地视频文件的上传与脚本分析,使用大模型支持对视频进行分析,同时支持自定义分析提示词,适配多种抖音/视频数据分析场景。

0· 88·0 current·0 all-time
by@gnview

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gnview/gnview-script-extraction.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "gnview-script-extraction" (gnview/gnview-script-extraction) from ClawHub.
Skill page: https://clawhub.ai/gnview/gnview-script-extraction
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gnview-script-extraction

ClawHub CLI

Package manager switcher

npx clawhub@latest install gnview-script-extraction
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, SKILL.md, and the included Python script all describe uploading an MP4 and calling VolcEngine ARK endpoints to analyze video; the network endpoints used (ark.cn-beijing.volces.com) match that purpose. However, the registry metadata lists no required environment variables or primary credential while SKILL.md and the script require an ARK API key; this metadata omission is an inconsistency.
Instruction Scope
Runtime instructions are narrowly scoped to: (a) open a local MP4 file, (b) POST it as form data to the ARK file upload endpoint, and (c) call the ARK responses endpoint with a JSON body including file_id and prompt. The script does not attempt to read other system files or unrelated environment variables.
Install Mechanism
This is an instruction-only skill with one small Python script and a single dependency (requests). No installer, downloads, or archive extraction are used; risk from install mechanism is low.
!
Credentials
The SKILL.md and script clearly require a VolcEngine ARK API key (ARK_API_KEY). The registry metadata, however, declares no required environment variables or primary credential. Additionally, the documentation instructs passing the API key as a command-line argument, which can leak to process listings or shell history — this is a privacy/credential-handling concern. The number and scope of credentials (single ARK API key) is otherwise proportional to the stated purpose.
Persistence & Privilege
The skill does not request always:true, does not install background components, and does not modify other skills or global agent configuration. It runs only when invoked.
What to consider before installing
What to consider before installing: - The script uploads your local MP4s to VolcEngine ARK (ark.cn-beijing.volces.com). Only install if you are comfortable sending those videos to that third-party service and its privacy policy. - The SKILL.md and script require an ARK API key, but the registry metadata does not declare this — the metadata should be updated. Treat this as a warning sign and prefer skills that declare required credentials explicitly. - The examples pass the API key as a CLI argument. That can expose the key via process listings (ps) or shell history. Prefer using a secure method (environment variable or a protected config file) and avoid pasting secrets on the command line. - Verify the endpoint and owner independently (homepage/source are missing). If you cannot confirm the skill author or the endpoint's legitimacy, avoid uploading sensitive videos. - The code appears straightforward (no obfuscated code) and performs only the described upload/analysis calls, but because the source and registry metadata are incomplete, proceed cautiously. If you need this functionality, ask the author to: (1) declare ARK_API_KEY in the skill metadata, (2) provide a homepage/source link, and (3) update instructions to accept credentials securely (env var or config) rather than as CLI args.

Like a lobster shell, security has layers — review code before you run it.

latestvk973ejn978qej2qqnq7f88rges84m5hk
88downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@gnview
latest
Download

触发词

当用户需要以下场景时,可调用此工具:

  • 视频内容结构化分析

依赖要求

  1. Python 3.7+
  2. 安装requests库:pip install requests
  3. 已获取API密钥(ARK_API_KEY)

使用方法

1. 上传本地视频

python3 scripts/script-extraction.py upload <本地视频路径> <ARK_API_KEY>

参数说明

  • 本地视频路径:待分析的本地MP4视频文件路径
  • ARK_API_KEY:VolcEngine ARK平台的API访问密钥

返回结果:成功上传后会输出视频文件ID(file_id),用于后续分析。

2. 分析视频脚本

python3 scripts/script-extraction.py analyze <file_id> <ARK_API_KEY> [--model <模型名称>] [--prompt <自定义提示词>]

参数说明

  • file_id:上传视频后获取的文件ID
  • ARK_API_KEY:同上
  • --model:可选,指定分析使用的大模型,默认值为doubao-seed-2-0-lite-260215
  • --prompt:可选,自定义分析提示词,默认提示词为: 
    请你描述下视频中的人物的一系列动作,以JSON格式输出开始时间(start_time)、结束时间(end_time)、事件(event)、是否危险(danger),请使用HH:mm:ss表示时间戳。

示例

# 使用默认模型和提示词分析
python3 scripts/script-extraction.py analyze v1-abc123 your-ark-key

# 自定义提示词,提取视频台词和场景
python3 scripts/script-extraction.py analyze v1-abc123 your-ark-key --prompt "请提取视频中的所有台词和对应的场景描述"

# 指定自定义模型
python3 scripts/script-extraction.py analyze v1-abc123 your-ark-key --model doubao-seed-2-0-pro-260215

输出说明

  • 上传成功:返回视频文件ID,可直接用于分析命令
  • 分析成功:返回格式化的JSON结果,包含视频分析的结构化数据,如动作时间、事件描述、危险等级等。

注意事项

  1. 仅支持MP4格式的视频文件
  2. 上传的视频文件大小需符合VolcEngine ARK的限制
  3. API密钥需妥善保管,避免泄露
  4. 自定义提示词需符合大模型的输入格式要求

Comments

Loading comments...